Communication System and Communication Method

ABSTRACT

The present invention relates to communication system, communication method, information processor, method, device, program, and recording medium which permit plural algorithms to be treated and which can impart expansibility to communications. 
     A capability list  102  stores a capability list in which capabilities regarding algorithms for encryption and decryption treated by a reader/writer  100  are described. Similarly, a capability list  202  stores a capability list in which capabilities regarding algorithms for encryption and decryption treated by an IC card  200  are described. The reader/writer  100  and the IC card  200  exchange their mutual capability lists, select algorithms capable of securing a security level according to the importance of the data sent and received, and perform communications based on the selected algorithms. The present invention can be applied, for example, to a device that performs communications by the NFCIP method.

TECHNICAL FIELD

The present invention relates to communication system, communicationmethod, information processor, information processing method, device,program, and recording medium and, more particularly, to communicationsystem, communication method, information processor, informationprocessing method, device, program, and recording medium which enablecommunications to be performed taking account of mutual communicationcapabilities and so on when secure and convenient informationcommunications are performed.

BACKGROUND ART

As the information technology has evolved, communication systems inwhich information processors such as computers are connected by WLANs(wireless local area networks), Bluetooth™, or other wirelesscommunication means to send and receive files, data, and otherinformation and share information have been built.

Motion picture data, music data, and other large-capacity data are sentand received by utilizing a device which is equipped with broadbandcommunication functions such as a communication device capable ofbroadband communications using Bluetooth or the like, the communicationdevice being installed in a cell phone or personal computer. Meanwhile,in data communications relying on broadband communications, encryptionprocessing for encrypting data is generally introduced to reduce thedanger of eavesdropping of data by a third-party's device equipped withbroadband communication functions, forgery of data, and other securitydangers even in broadband communications.

However, in order to execute encryption processing in broadbandcommunications typified by Bluetooth, it is first necessary to identifythe communicating party. Because communicable areas of broadbandcommunications are wide, there is the possibility that an unexpecteddevice equipped with broadband communication functions is identified asthe communicating party.

Even if the communicating party is identified, it is necessary to sharesession keys for starting a more secure communication between bothcommunicating parties. Because of the characteristics that thecommunicable areas of broadband communications are wide, when sessionkeys are sent to a communicating party, there is the possibility thatthe keys are eavesdropped and decrypted by a broadband communicationfunction-equipped device used by a third party. Therefore, it isnecessary to enhance the strength of the session keys (e.g., increasethe key length). For this purpose, it has been necessary that thebroadband communication function-equipped device have high processingcapabilities.

Accordingly, it has been proposed to enable session keys to be sharedsecurely between both communication devices (see, for example, patentreference 1).

Communications disclosed in patent reference 1 are now described brieflywith reference to FIG. 1. Devices performing communications are hereinreferred to as an initiator and a target, respectively.

The initiator creates and sends a key in step S11. The initiatorexecutes polling (processing for inquiry), for example. If a response tothe polling is sent in from the target, the initiator receives theresponse and creates an encryption key and a decryption key. Theinitiator sends the created encryption key to the target.

In step 21, the target receives the encryption key. In step S22, thetarget generates random numbers. The generated random numbers are takenas a session key. The session key is encrypted using the receivedencryption key as a key. The encrypted session key is sent to theinitiator.

In step S12, if the initiator receives the encrypted session key fromthe target, the initiator decrypts the key with a decryption key andderives the session key. In step S13, communications using the decryptedsession key are started.

If the initiator receives the encrypted session key in this way, theinitiator decrypts the encrypted session key with the already generateddecryption key, thus obtaining the session key. In this way, the commonsession key is shared between the initiator and the target.Communications using the session key, e.g., communications in which datasent and received with the session key are encrypted, are performed.

-   Patent reference 1: JP-A-2006-14076

DISCLOSURE OF THE INVENTION

Problem that the Invention is to Solve

As disclosed in patent reference 1, secure communications can beperformed if a session key is shared. Furthermore, more securecommunications can be performed if the algorithm is changed, forexample, by data sent and received. In addition, expansiblecommunications can be performed.

In view of these circumstances, the present invention has been made andis intended to enable more secure communications and permit expansiblecommunications.

Means for Solving the Problem

An information processing system of one aspect of the present inventionis a communication system composed of an information processor and adevice performing communications. The information processing systemcomprises: sending means sending a list indicating capabilitiesregarding encryption from one of the information processor and thedevice to the other; decision means determining an algorithm by whichthe other receiving the list sent by the sending means refers to thereceived list and can perform communications with the one withcapabilities regarding encryption of its own; and communication meansperforming communications by the algorithm determined by the decisionmeans.

A communication method for an information processing system of oneaspect of the present invention is a communication method for acommunication system composed of an information processor and a deviceperforming communications. A list indicating capabilities regardingencryption is sent from one of the information processor and the deviceto the other. The other receiving the sent list refers to the receivedlist, determines an algorithm by which communications with the one canbe performed with capabilities regarding encryption of its own, andperforms communications by the determined algorithm.

In information processing system and communication method of one aspectof the present invention, a list indicating capabilities regardingencryption is sent from at least one of devices performingcommunications to the other. The receiving side determines an algorithmused for communications. Communications are performed based on thedetermined algorithm.

An information processor of one aspect of the present invention is aninformation processor performing communications with a device andcomprises: storage means storing a first capability list indicatingcapabilities regarding encryption; reception means for receiving asecond capability list indicating capabilities regarding encryption ofthe device; decision means determining an algorithm by whichcommunications are performed with the device by referring to the firstcapability list and the second capability list; and sending meanssending identification information for identifying the algorithmdetermined by the decision means and a key or key material relying onthe algorithm to the device.

It is possible that there is further provided list-sending means thatselects an algorithm becoming a candidate when decision processing isperformed by the decision means from the first capability list, createsa third capability list in which the selected algorithm is written, andsends the created list to the device.

The decision means can determine the algorithm according to a securitylevel.

A method of information processing of one aspect of the presentinvention is a method of information processing for an informationprocessor that performs communications with a device. The methodincludes the steps of: managing a first capability list indicatingcapabilities regarding encryption; controlling reception of a secondcapability list indicating capabilities regarding encryption of thedevice; referring to the first capability list and the second capabilitylist and determining an algorithm by which communications with thedevice are performed; and controlling sending of identificationinformation for identifying the algorithm determined by processing ofthe determining step and a key or key material relying on the algorithmto the device.

A program of one aspect of the present invention is a program for acomputer that controls an information processor performingcommunications with a device. The program includes the steps of:managing a first capability list indicating capabilities regardingencryption; controlling reception of a second capability list indicatingcapabilities regarding encryption of the device; referring to the firstcapability list and the second capability list and determining analgorithm by which communications with the device are performed; andcontrolling sending of identification information for identifying thealgorithm determined by processing of the determining step and a key orkey material relying on the algorithm to the device.

A program is recorded on a recording medium of one aspect of the presentinvention, the program acting to cause an information processorperforming communications with a device to perform processing includingthe steps of: managing a first capability list indicating capabilitiesregarding encryption; controlling reception of a second capability listindicating capabilities regarding encryption of the device; referring tothe first capability list and the second capability list and determiningan algorithm by which communications with the device are performed; andcontrolling sending of identification information for identifying thealgorithm determined by processing of the determining step and a key orkey material relying on the algorithm to the device.

In the information processor, method of information processing, andprogram of one aspect of the present invention, an algorithm by whichcommunications are performed is determined from capabilities regardingencryption of a remote communicating party and from capabilitiesregarding encryption of the local party, and communications are carriedout based on the determined algorithm.

A device of one aspect of the present invention is a device performingcommunications with an information processor and comprises: sendingmeans sending a capability list indicating capabilities regardingencryption to the information processor; reception means receivingidentification information for identifying an algorithm which is usedwhen data is sent and received and which is determined by theinformation processor; and encryption-decryption means identifying thealgorithm from the identification information and encrypting ordecrypting data by the identified algorithm.

It is possible that there is further provided second reception meansreceiving a second capability list indicating capabilities regardingencryption of the information processor. Capabilities that can betreated by the processor itself and are selected from the capabilitiesdescribed in the second capability list are described in the capabilitylist sent by the sending means.

A method of information processing of one aspect of the presentinvention is a method of information processing for a device performingcommunications with an information processor, and includes the steps of:controlling sending of a capability list indicating capabilitiesregarding encryption to the information processor; controlling receptionof identification information for identifying an algorithm which is usedwhen data is sent and received and which is determined by theinformation processor; and identifying the algorithm from theidentification information and encrypting or decrypting data by theidentified algorithm.

A program of one aspect of the present invention is a program for acomputer that controls a device performing communications with aninformation processor, and includes the steps of: controlling sending ofa capability list indicating capabilities regarding encryption to theinformation processor; controlling reception of identificationinformation for identifying an algorithm which is used when data is sentand received and which is determined by the information processor; andidentifying the algorithm from the identification information andencrypting or decrypting data by the identified algorithm.

A program is recorded on a recording medium of one aspect of the presentinvention, the program acting to cause a device performingcommunications with an information processor to perform processingincluding the steps of: controlling sending of a capability listindicating capabilities regarding encryption to the informationprocessor; controlling reception of identification information foridentifying an algorithm which is determined by the informationprocessor and which is used when data is sent and received; andidentifying the algorithm from the identification information andencrypting or decrypting data by the identified algorithm.

In device, method of information processing, and program of one aspectof the present invention, a list indicating capabilities regardingencryption is sent. Information specifying an algorithm by whichcommunications are performed is received. Encryption or decryption isperformed based on the algorithm.

Advantages of the Invention

According to one aspect of the present invention, plural algorithms andmethods of decryption can be selected. Furthermore, communications canbe performed by the selected method.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a flowchart illustrating one example of the prior-artcommunication system.

FIG. 2 is a diagram showing the configuration of one embodiment of acommunication system of the present invention.

FIG. 3 is a flowchart illustrating the operation of the communicationsystem.

FIG. 4 is a flowchart illustrating the operation of a reader/writer.

FIG. 5 is a diagram illustrating a capability list.

FIG. 6 is a diagram illustrating a capability list.

FIG. 7 is a flowchart illustrating the operation of an IC card.

FIG. 8 is a diagram showing another example of configuration of thecommunication system.

FIG. 9 is a flowchart illustrating other operation of the reader/writer.

FIG. 10 is a flowchart illustrating other operation of the IC card.

FIG. 11 is a flowchart illustrating the operation of the communicationsystem.

FIG. 12 is a diagram illustrating a capability list.

FIG. 13 is a diagram illustrating a capability list.

FIG. 14 is a diagram illustrating a capability list.

FIG. 15 is a diagram illustrating a capability list.

DESCRIPTION OF REFERENCE NUMERALS AND SIGNS

50: communication system; 100: reader/writer; 101: control portion; 102:capability list storage portion; 103: key creation portion; 104: datastorage portion; 105: encryption portion; 106: decryption portion; 107:communication portion; 200: IC card; 201: control portion; 202:capability list storage portion; 203: random number creation portion;204: data storage portion; 205: encryption portion; 206: decryptionportion; 207: communication portion; 301: key creation portion

BEST MODE FOR CARRYING OUT THE INVENTION

Embodiments of the present invention are hereinafter described withreference to the drawings.

[Example of Configuration of System]

FIG. 2 is a block diagram showing an example of configuration in oneembodiment of a communication system 50 to which the present inventionis applied. The communication system 50 is composed of a reader/writer100 and an IC card 200. The reader/writer 100 and IC card 200 performcommunications wirelessly, for example, via antennas or the likepossessed by them.

The reader/writer 100 is configured including a control portion 101, acapability list storage portion 102, a key creation portion 103, a datastorage portion 104, an encryption portion 105, a decryption portion106, and a communication portion 107.

The control portion 101 is configured including a CPU (centralprocessing unit), for example, and controls various portions of thereader/writer 100. The capability list storage portion 102 stores a listof capabilities regarding communications as described later, especiallya list of capabilities regarding encryption methods and decryptionmethods (algorithms: in the present specification, the description“algorithm” may include a method and the lengths of keys for themethod). The capability list stored in the capability list storageportion 102 is offered to the IC card 200 via the communication portion107 as the need arises. The key creation portion 103 creates keys usedfor encryption and decryption.

The data storage portion 104 is configured including storage media, suchas a RAM (random access memory) and a ROM (read only memory), and arecording medium. The data storage portion stores programs and datanecessary for the control portion 101 to control various portions of thereader/writer 100. Furthermore, the data storage portion stores datafrom the IC card 200 and data offered to the IC card 200.

The encryption portion 105 encrypts a key and data supplied to the ICcard 200. The decryption portion 106 decrypts the encrypted key and datafrom the IC card 200. Each of the encryption portion 105 and thedecryption portion 106 performs encryption or decryption based on one ofplural algorithms described in the capability list. Plural (more than 1)algorithms that can be treated by the device itself are described in thecapability list. One of the plural described algorithms is selected(specified), and encryption or decryption is performed based on theselected (specified) algorithm.

The communication portion 107 performs communications with the IC card200. The communication portion 107 of the reader/writer 100 is designedto radiate given electromagnetic waves and detect as to whether or notthe IC card 200 has been brought close to the reader/writer, based onvariations in the load responsive to the electromagnetic waves. Forexample, the communication portion is configured including an antenna(not shown) which, when the IC card 200 is brought close, various kindsof data are sent and received to and from the IC card 200.

The communication portion 107 ASK-(amplitude shift keying) modulates acarrier wave of a given frequency supplied, for example, from anoscillator circuit (OSC) based on data sent to the IC card 200 andoutputs the generated modulated wave from the antenna as electromagneticwaves. Furthermore, the communication portion 107 demodulates themodulated wave (ASK modulated wave) derived via the antenna, andsupplies the demodulated data to the control portion 101 and so onaccording to circumstances.

The IC card 200 is configured including a control portion 201, acapability list storage portion 202, a random number creation portion203, a data storage portion 204, an encryption portion 205, a decryptionportion 206, and a communication portion 207.

The control portion 201 is configured including a CPU, for example, andcontrols various portions of the IC card 200. The capability liststorage portion 202 stores a list of capabilities regardingcommunications as described later, especially, capabilities regardingencryption methods and decryption methods (algorithms). The capabilitylist stored in the capability list storage portion 202 is offered to thereader/writer 100 via the communication portion 207 as the need arises.The random number creation portion 203 generates random numbers. Thegenerated random numbers are used as a session key in communicationswith the reader/writer 100 as described later.

The data storage portion 204 is configured including storage (recording)media such as RAM, ROM, and EEPROM (electrically erasable programmableread-only memory), and stores programs and data necessary for thecontrol portion 201 to control various portions of the IC card 200.Furthermore, the data storage portion stores data from the reader/writer100 and data offered to the reader/writer 100.

The encryption portion 205 encrypts keys and data supplied to thereader/writer 100. The decryption portion 206 decrypts the encryptedkeys and data from the reader/writer 100. The encryption portion 205 anddecryption portion 206 perform encryption and decryption based on one ofplural algorithms described in the capability list. Plural (more than 1)algorithms that can be treated by the device itself are described in thecapability list. One of the plural described algorithms is selected(specified), and encryption or decryption based on the selected(specified) algorithm is performed.

The communication portion 207 is configured including an LC circuitcomposed, for example, of a coil-like antenna and capacitors. Thecommunication portion is designed to resonate with electromagnetic wavesof a given frequency radiated from the reader/writer 100 disposed closeto the LC circuit. Furthermore, the communication portion 207 rectifiesan alternating magnetic field excited in the antenna by ASK modulation,stabilizes it, and supplies it as a DC power supply to various portions.The electric power of the electromagnetic waves radiated from thereader/writer 100 is so adjusted that a magnetic field that feeds anecessary electric power to the IC card 200 is produced.

Additionally, the communication portion 207 demodulates the modulatedwaves (ASK modulated waves) received via the antenna by performing anenvelope detection, demodulates the demodulated data by BPSK (binaryphase shift keying) demodulation, supplies the data to the controlportion 201 and so on, generates a clock signal having the samefrequency as the clock frequency of the received signal, and suppliesthe generated signal to the control portion 201.

Furthermore, the communication portion 207 ASK-modulates theBPSK-modulated data, for example, based on variations in the load on theantenna in a case where given information is sent to the reader/writer100, and sends the modulation component to the reader/writer 100 via theantenna.

As described previously, the reader/writer 100 and IC card 200 performcommunications wirelessly and so two or more IC card(s) orreader/writer(s) radiate out electromagnetic waves at the same time. Asa result, there is the anxiety that it is impossible to discriminatewhether the IC card or the reader/writer has emitted the electromagneticwaves (what object has emitted the electromagnetic waves), i.e.,so-called collision. However, the reader/writer 100 and IC card 200 inthe communication system 50 perform communications matched to NFCIP(near field communication-interface and protocol)-1 that is acommunication method capable of identifying IC cards and RFIDs lyingwithin the range in which they can communicate with the reader/writer.

NFCIP-1 incorporates mechanisms permitting RF detection and avoidingcollision, in order to enable comparability of communications of otherNFCIP-1 device with communications by other device communicating in thesame band. An NFC device identifier known as NFC identifier (NFCID (NFCIdentifier)) is used when RF collision is avoided and used forprocessing for searching for a single device, the NFC device identifierutilizing random numbers. In conventional communication system, IDsintrinsic to the IC card are sent to the reader/writer and thereader/writer identifies each individual IC card based on the IDs, thuspreventing collision. In NFCIP-1, it is not necessary to send the IDintrinsic to the IC card to the reader/writer.

Accordingly, in the communication system 50, the reader/writer 100 andIC card 200 can uniquely identify their respective communicating partieseven if the card ID intrinsic to the IC card 200 is not sent to thereader/writer 100, whereby collision can be prevented.

Details of NFCIP-1 are described in ISO/IEC18092.

In the following description, a case in which the reader/writer 100operates as an initiator stipulated in NFCIP-1, while the IC card 200operates as a target stipulated in NFCIP-1 is taken as an example.

[With Respect to Operation of the System]

The operation of the communication system 50 shown in FIG. 2 is nextdescribed by referring to the flowchart of FIG. 3. First, the operationof the communication system 50 is briefly described by referring to theflowchart of FIG. 3. Then, details of the operations of thereader/writer 100 and IC card 200 will be described.

The reader/writer 100 sends a capability list to the IC card 200 in stepS51. The sent capability list is received by the IC card 200 in stepS61. If the IC card 200 receives the capability list from thereader/writer 100, the IC card sends the capability list of its own tothe reader/writer 100 in step S62. The sent capability list is receivedby the reader/writer 100 in step S52.

In this way, the reader/writer 100 and IC card 200 exchange informationabout their mutual communication capabilities, in this case, informationabout algorithms associated with encryption and decryption.

The reader/writer 100 refers to its own capability list and thecapability list of the IC card 200 in step S53, and selects algorithmsdescribed in the mutual lists, i.e., the algorithms used for encryptionand decryption, out of the common algorithms.

In step S54, an encryption key and a decryption key are created based onthe selected algorithms, and the encryption key out of the keys is sentto the IC card 200. In this description, a case is taken as an examplein which an algorithm by which an encryption key and a decryption keyare created is selected. The created keys and the method of creatingthem are different according to the selected algorithm.

If the IC card 200 receives the encryption key from the reader/writer100 in step S63, the IC card generates random numbers in step S64 andsets the generated random numbers as a session key. The session key isencrypted with the received encryption key and sent to the reader/writer100.

If the reader/writer 100 receives the encrypted session key in step S55,the reader/writer decrypts the encrypted session key using thedecryption key created in step S54.

In this way, the session key is shared between the reader/writer 100 andthe IC card 200. After the session key is shared, communications usingthe session key are carried out according to circumstances.

Here, as described above, it is assumed that the session key isencrypted and sent, for example, in step S-step S64. Alternatively, amaterial for creating the session key may be sent instead of sending thesession key itself.

That is, in the present embodiment, an encryption method is determinedby exchanging capability lists as the description continues below. Insome cases, the session key itself is sent and received based on thedetermined encryption method. In other cases, a material for creatingthe session key is sent and received. In further cases, information notassociated with the session key is sent and received depending on thedetermined encryption method. The information sent and received dependson the determined encryption method.

The operation of the reader/writer 100 is next described in detail byreferring to the flowchart of FIG. 4.

In step S101, the reader/writer 100 creates a capability list. Thecontrol portion 101 of the reader/writer 100 creates a capability listsent to the IC card 200 by referring to the capability list stored inthe capability list storage portion 102. The created capability list issent to the IC card 200 in step S102.

The relationship between the capability list (hereinafter may bereferred to as the first capability list according to circumstances)stored in the capability list storage portion 102 and the createdcapability list (hereinafter may be referred to as the second capabilitylist according to circumstances) is now described by referring to FIGS.5 and 6.

FIG. 5 is a diagram showing one example of capability list stored in thecapability list storage portion 102. Algorithms associated withencryption and decryption are classified into two, i.e., key sharingsystem and cryptocommunication system. For convenience of illustration,in this description, capability lists are classified into two lists asshown in FIG. 5. Of course, one list form is also possible.

A list in which 16 algorithms can be registered as key sharing systemsand a list in which 16 algorithms can be registered ascryptocommunication systems are stored in the capability list storageportion 102. It is assumed here that sixteen algorithms can beregistered in each list. This corresponds to the manner in which thesecond capability list sent to the IC card 200 is represented in termsof 16 bits as shown in FIG. 6. Therefore, if the second capability listis created with bit numbers other than 16 bits, algorithms correspondingin number with the number of bits can be stored as a first capabilitylist.

The second capability list shown in FIG. 6 shows one example in which 16bits are assigned to the key sharing systems and 16 bits are assigned tothe cryptocommunication systems. In FIGS. 5 and 6, the key sharingsystems are indicated by K according to circumstances. Thecryptocommunication systems are indicated by C according tocircumstances.

In describing the relationship between the first capability list shownin FIG. 5 and the second capability list shown in FIG. 6, if thereader/writer 100 has the capability of handling the algorithm describedin the column “K-0” of the first capability list, the bit of “K-0” ofthe key supply system of the second capability list shown in FIG. 6 isset to 1. The description is continued, assuming that the bitcorresponding to a possessed capability is set to 1 and that the bitcorresponding to a capability not possessed is set to 0. It is alsopossible that the bit corresponding to a possessed capability is set to0 and that the bit corresponding to a capability not possessed is set to1.

One algorithm is assigned to each column of the first capability list.For example, with reference to FIG. 5, an algorithm “DH 768 bit” that isa key sharing system is assigned to the column “K-0”. Where the assignedalgorithm can be handled, any form of information is written in thecolumn. The information written in the column may be a flag indicatingwhether or not it can be handled. Information such as the name of thealgorithm may also be possible.

In this way, a given column of the first capability list stored in thecapability list storage portion 102 is made to correspond to a givenalgorithm. As shown in FIG. 5, each column corresponding to an algorithmnot handled by the reader/writer 100 is made blank (no information iswritten or information indicating that it has no capability of handlingthe corresponding algorithm is described).

Alternatively, the first capability list may be a list in which onlyinformation only about algorithms treated by the reader/writer 100, forexample, is described in a manner not illustrated. For instance,according to the example shown in FIG. 5, a list consisting ofinformation “K-0, K-1, K-4, K-5, K-8, K-9, K-C, C-0, C-1, C-2, C-4, C-5,C-6” is also possible.

Furthermore, such first capability list may be updatable. For example,in communications in the communication portion 107 (FIG. 2), data abouta new algorithm may be sent and received, data about the algorithm sentand received may be stored in the data storage portion 104, and thefirst capability list stored in the capability list storage portion 102may be updated (i.e., information is described in the columncorresponding to the newly added algorithm). Algorithms described in thecapability list can be deleted. Already described information may beoverwritten.

The first capability list as shown in FIG. 5 may be referenced, and thesecond capability list shown in FIG. 6 may be created. That is, thesecond capability list may be created by setting bits, which correspondto the columns of the first capability list where information isdescribed, to 1. Alternatively, in the second capability list shown inFIG. 6, the first capability list in which the bit of the treatedalgorithm is set to 1 may also be possible (i.e., the relationship“first capability list=second capability list” is satisfied and thecapability list stored in the capability list storage portion 102 isread out and sent).

In FIG. 5, “DH” is an abbreviation of “Diffie-Hellman”. “ECDH” is anabbreviation of “Elliptic Curve Diffie-Hellman”. “RSA” is anabbreviation of “Rivest, Shamir, Adleman”. “DES” is an abbreviation of“Data Encryption Standard”. “AES” is an abbreviation of “AdvancedEncryption Standard”. “Pre-shared key” indicates a key sharing systemrelying on a pre-shared key.

We now return to the description of the flowchart of FIG. 4.

In steps S101, 102, capability lists are created and sent. The sentsecond capability list may be a list in which all the capabilities ofthe reader/writer 100 are described (it may be a second capability listin which all the information in the first capability list stored in thecapability list storage portion 102 is reflected). It may also be a listin which some of the capabilities are described.

Where a capability list in which some capabilities are described issent, a capability list in which only algorithms satisfying a requiredsecurity level are described may be created and sent because of theimportance of data sent and received, for example, in later processing.In other words, where a capability list in which some capabilities aredescribed is sent, an algorithm used for communications is determined inlater processing (specifically, in the processing of step S104). Acapability list may be created and sent in which only algorithmsbecoming candidates when the determination is made are described.

In step S103, a decision is made as to whether any capability list hasbeen received. If a capability list of the reader/writer 100 is sentfrom the reader/writer 100 to the IC card 200 (corresponding to theprocessing of step S51 of FIG. 3), a capability list of the IC card issent in as a reply to it from the IC card 200 (corresponding to theprocessing of step S52 of FIG. 3).

A capability list is stored in the capability list storage portion 202of the IC card 200 in the same way as the capability list storageportion 102 of the reader/writer 100. That is, the first capability listas shown in FIG. 5 is stored in the capability list storage portion 202of the IC card 200. The second capability list as shown in FIG. 6 issent to the reader/writer 100.

In step S103, if the control portion 101 of the reader/writer 100 hasdetermined that the control portion has received a capability list fromthe IC card 200 by the communication portion 107, the control portiondetermines an algorithm in step S104. The control portion 101 refers tothe received capability list of the IC card 200 and to the capabilitylist stored in the capability list storage portion 102 and selects analgorithm that can be treated by both (i.e., an algorithm for which aflag is set in two capability lists is selected).

For example, where both the reader/writer 100 and IC card 200 store thecapability list shown in FIG. 5, a flag is set in each of columns “K-0,K-1, K-4, K-5, K-8, K-9, K-C, C-0, C-1, C-2, C-4, C-5, C-6”. Therefore,one algorithm is selected from the key-sharing systems (K) of “K-0, K-1,K-4, K-5, K-8, K-9, K-C”, and one algorithm is selected from thecryptocommunication systems (C) of “C-0, C-1, C-2, C-4, C-5, C-6”.

In this case, in the key-sharing systems (K), for example, algorithmscorresponding to 7 columns “K-0, K-1, K-4, K-5, K-8, K-9, K-C” areselected as choices. Thus, conditions under which what algorithms areselected when plural choices are present may be set according tocircumstances in design stages, taking account of the functionspossessed by the reader/writer 100 and what kinds of data to be managed.

Furthermore, as an example, priority orders may be placed. An algorithmhaving a higher order may be selected according to the priority orders.Alternatively, as later processing, data is exchanged with the IC card200, for example. Selection may be made based on the importance or thelike of the data. That selection is made based on the importance or thelike of data means that an algorithm that cannot be easily deciphered isselected when important data is sent and received. Generally, as the keybecomes longer, it becomes more difficult to decipher. Therefore, wherethere are “K-0 (DH 768 bit)” and “K-1 (DH 1024 bit)” as choices, forexample, the longer key “K-1 (DH 1024 bit)” is selected.

In this way, algorithms used for encryption and decryption aredetermined based on some condition or other.

In step S105, an encryption key and a decryption key are created basedon the determined algorithm. The control portion 101 issues aninstruction to the key creation portion 103 to create the keys based onthe determined algorithm. On receiving the instruction, the key creationportion 103 creates the encryption key and decryption key based on thedetermined algorithm.

Depending on the determined algorithm, the encryption key and decryptionkey created by the key creation portion 103 are taken as a set of keys.A plaintext (data) encrypted with the created encryption key(hereinafter may be referred to as the public key according tocircumstances) cannot be decrypted unless a set of created decryptionkeys (hereinafter may be referred to as secret keys according tocircumstances) is available.

In step S106, the created encryption key is sent. The communicationportion 107 sends the encryption key, which has been created by the keycreation portion 103, to the IC card 200. Together with the encryptionkey, information (hereinafter may be referred to as identificationinformation according to circumstances) for identifying the determinedalgorithm (algorithm used for creating the encryption key) is sent. Acapability list which is in the capability list form, for example, asshown in FIG. 6 and in which only the bits of the determined algorithmare set can be used as the identification information.

When the encryption key is supplied to the IC card 200, the IC card 200sends an encryption session key encrypted using the encryption key as akey (corresponding to the processing of step S64 of FIG. 3). Thereader/writer 100 makes a decision as to whether it has received theencryption session key from the IC card 200 in step S107, and keepswaiting for reception until the reader/writer determines that it hasreceived.

If the decision at step S107 is that the encryption session key has beenreceived, the processing is made to go to step S108, where theencryption session key is decrypted. If the encryption session key isreceived by the communication portion 107 of the decryption portion 106,the decryption portion decrypts the encryption session key with thedecryption key created by the key creation portion 103.

In step S109, communications using the decrypted session key arestarted. For example, where data stored in the data storage portion 104is sent from the reader/writer 100 to the IC card 200, the data is readfrom the data storage portion 104. The data is encrypted in theencryption portion 105 using the session key as a key. The data is sentby the communication portion 107 to the IC card 200. Where data is sentin from the IC card 200, the data is received by the communicationportion 107. The data is decrypted by the decryption portion 106 usingthe session key as a key.

In this way, in the present embodiment, at the instant when the sessionkey is not yet exchanged, information about the capabilities ofalgorithms associated with encryption and decryption is sent andreceived. Furthermore, algorithms are selected based on the informationsent and received. This permits plural algorithms to be treated. Becauseplural algorithms can be treated, in communications requiring a highersecurity level or conversely in communications permitting a lowersecurity level, it is possible to cope with a wide scope ofcommunications. Expansibility can be imparted to communications.

The operation of the IC card 200 is next described by referring to theflowchart of FIG. 7.

Instep S201, the IC card 200 makes a decision as to whether or not ithas received a capability list. The control portion 201 of the IC card200 makes a decision as to whether the capability list from thereader/writer 100 has been received by the communication portion 207.The control portion causes the communication portion to keep waiting forreception until the control portion determines that the list isreceived.

Where the decision at step S201 is that the capability list from thereader/writer 100 has been received, a capability list is created instep S202. In step S203, the created capability list is sent.

Processing of the step S202 and step S203 is carried out fundamentallysimilarly to the processing of step S101 and step S102 executed by thereader/writer 100. That is, the IC card 200 also stores the firstcapability list as shown in FIG. 5 into the capability list storageportion 202. The list is sent with the second capability list as shownin FIG. 6.

When the IC card 200 sends the capability list (second capability list),the sent capability list maybe a list in which all the capabilities ofthe IC card 200 have been described (it may be the second capabilitylist in which all information about the first capability list stored inthe capability list storage portion 202 have been reflected) or a listin which some capabilities are selectively described.

Where a capability list in which some capabilities are described issent, the received capability list of the reader/writer 100 isreferenced, for example. An algorithm coincident with the reader/writer100 is selected. A capability list in which only the selected algorithmis described is created and sent. Where there is not any coincidentalgorithm, it is impossible to perform encryption or decryption with thesame algorithm and so the capability list can be prevented from beingsent.

Furthermore, the IC card 200 may reference the capability list of thereader/writer 100 before a capability list is created and make adecision as to whether communication with the reader/writer 100 iscontinued. For example, the IC card 200 may judge an algorithmsatisfying a required security level from the importance of data sentand received, reference the capability list of the reader/writer 100,determine that the communication should be discontinued if it hasdetermined that the reader/writer 100 is not a device capable oftreating the algorithm satisfying the security level, and discontinuethe following processing.

We return to the description of the flowchart of FIG. 7. In step S203,if a capability list is sent, the processing is made to proceed to stepS204, where a decision is made as to whether or not an encryption keyhas been received. If the reader/writer 100 receives the capability listfrom the IC card 200 as mentioned previously, the reader/writer createsand sends an encryption key. A decision is made as to whether or not thesent encryption key has been received.

If the decision at step S204 is that an encryption key has beenreceived, the processing is made to go to step S205, where an algorithmis identified. The algorithm is identified based on identificationinformation sent in from the reader/writer 100 together with theencryption key.

In step S206, the random number creation portion 203 creates (generates)random numbers A. In step S207, the control portion 201 stores thecreated random numbers A, for example, into a predetermined given regionof the data storage portion 204.

In this description, a case in which the identified algorithm is analgorithm generating random numbers and taking the random numbers as asession key as described below is taken as an example.

Therefore, for example, in a case where other algorithm is identified aswill be described with reference to the figures subsequent to FIG. 8,processing subsequent to step S206 is carried out based on theidentified algorithm and, therefore, random numbers are not alwaysgenerated.

In step S208, the encryption portion 206 takes the encryption keyreceived by the communication portion 207 as a key and encrypts therandom numbers A generated by the random number creation portion 203. Instep S209, the encrypted random numbers A are taken as a session key andstored, for example, into a predetermined given region within the datastorage region 204.

In step S210, the encrypted random numbers A, i.e., the encryptedsession key, are sent to the reader/writer 100.

In the stage preceding start of processing such as sending and receptionof data, lists of algorithms regarding encryption and decryption areexchanged between devices that send and receive data in this way.Therefore, plural algorithms can be treated. The algorithms can betreated differently, for example, according to security levels. It ispossible to impart expansibility to communications.

As described previously, where plural algorithms can be treated, it isnecessary that the reader/writer 100 and IC card 200 may be configuredto correspond to algorithms treated by themselves. In the configurationsof the reader/writer 100 and IC card 200 described with reference toFIG. 2, the reader/writer 100 is configured to be capable of creatingand sending an encryption key. The IC card 200 is configured to becapable of encrypting random numbers using an encryption key sent in asa key and sending the encrypted random numbers. These configurationscorrespond to algorithms which take the random numbers generated on theside of the IC card 200 as a session key, as described previously.

The present embodiment in a case where other algorithms are applied isnext described.

The present embodiment in a case where the DH (Diffie-Hellman) processis applied as an algorithm is described by referring to FIGS. 8-10.

In the DH process, it is necessary to create (hold) a public key and asecret key and so the IC card 200 is configured to be equipped with akey creation portion 301 for creating keys as shown in FIG. 8.

The communication system 50 shown in FIG. 8 is composed of reader/writer100 and IC card 200 in the same way as the communication system 50 shownin FIG. 2. The reader/writer 100 is made similar in configuration withthe reader/writer 100 shown in FIG. 2. The IC card 200 is configured tobe equipped with a key creation portion 301 for creating keys. Accordingto the configuration of the IC card 200 shown in FIG. 8, it is possibleto cope with an algorithm that creates the aforementioned random numbersand takes the random numbers as a session key. It is also possible tocope with an algorithm that creates keys as described below and takesthe keys as session keys.

The communication system 50 shown in FIG. 8 operates fundamentally inthe same way as the case described by referring to the flowchart of FIG.3. That is, before keys are sent and received, capability listsindicating what algorithms are used in creating keys (i.e., keys arecreated based on what algorithms) are exchanged, and after the exchange,creation and exchange of the keys are performed based on the algorithms.

The operations of the reader/writer 100 and IC card 200, respectively,are described below.

First, the operation of the reader/writer 100 is described by referringto the flowchart of FIG. 9. Description of the operation performed inthe same way as the operation of the reader/writer 100 described withreference to the flowchart of FIG. 4 may be omitted according tocircumstances.

In steps S301 and S302, capability lists are created and sent. In stepS303, if a capability list from the IC card 200 is received, analgorithm or algorithms are determined in step S304.

The processing of the steps S301 to S304 is carried out similarly tosteps S101 to S104 of FIG. 2. That is, processing regarding exchange ofcapability lists is similarly performed irrespective of algorithms usedin later processing.

In step S304, an algorithm or algorithms are determined. Here, thedescription is continued on the assumption that the method is determinedas the DH process.

In step S305, the key creation portion 103 (FIG. 8) creates a public keyand a secret key based on the DH process that is the determinedalgorithm. To discriminate the public key and secret key created by thereader/writer 100 from the public key and secret key created by the ICcard 200, the public key and secret key created by the reader/writer 100are referred to as public key Ki and secret key Ki, respectively. Thepublic key and secret key created by the IC card 200 are referred to aspublic key Kt and secret key Kt, respectively.

The key creation portion 103 creates the secret key Ki. The key creationportion 103 creates the public key Ki based on the following formula,using the created secret key Ki.

public key ki=g ̂ secret key Ki mod p

In this formula, g and p are values referred to as domain parameters.The same value is used in both reader/writer 100 and IC card 200.

The public key Ki and secret key Ki created in this way are stored inthe data storage portion 104.

In step S306, the created public key Ki and the identificationinformation for identifying the algorithm determined in step S304 aresent to the IC card 200.

In step S308, a decision is made as to whether the public key Kt of theIC card 200 has been received from the IC card 200. The IC card 200sends its own public key Kt in response to that the reader/writer 100has sent the public key Ki. In step S308, a decision is made as towhether or not the public key Kt sent in has been received. The state inwhich the IC card is waiting for reception is maintained until receptionis judged.

In step S309, the session keys from the IC card 200 are decrypted.Session keys are derived from the following equation, using the receivedpublic key Kt of the IC card 200 and the public key Ki of thereader/writer 100.

each session key=public key Kt ̂ secret key Ki mod p

If the session keys are derived, communications using the session keysare started in step S310.

If capability lists are exchanged and algorithms are determined in thisway, processing is carried out based on the algorithms. In other words,processing prior to determination of algorithms is performed commonlyregardless of algorithms. After algorithms are determined, processingbased on the determined algorithms is performed. Plural algorithms canbe treated by exchanging information indicating what algorithms can betreated before the processing based on algorithms is performed in thisway. Algorithms suitable for making communications can be selected fromplural algorithms. Expansibility can be imparted to communications.

Then, the operation of the IC card 200 when the processing of theflowchart shown in FIG. 9 is performed on the side of the reader/writer100 is described by referring to the flowchart of FIG. 10. Processing ofsteps S401 to S403 is similar to the processing of steps S201 to S203 ofFIG. 7. That is, in this case, too, processing performed in exchangingcapability lists is performed commonly irrespective of algorithms.

In step S404, a decision is made as to whether or not the public key Kifrom the reader/writer 100 has been received. If the decision at stepS404 is that the public key Ki has been received, processing is made togo to step S405, where algorithms are identified. The processing ofsteps S404 and S405 is fundamentally similar to steps S204 and S205 ofFIG. 7 except that the received key is the public key Ki.

In step S406, the key creation portion 301 of the IC card 200 createsthe public key Kt and secret key Kt. If the control portion 201 receivesthe public key Ki and identification information for identifyingalgorithms by means of the communication portion 207, the controlportion first identifies the algorithms from the identificationinformation. The control portion 201 issues an instruction to the randomnumber creation portion 203 or the key creation portion 301 according tothe identified algorithm. In this case, the identified algorithm is theDH process and so an instruction is issued to the key creation portion301 to create the public key Kt and secret key Kt based on the DHprocess.

The secret key Kt is first created in the key creation portion 301.Using the created secret key Kt, the public key Kt is created based onthe following formula.

public key kt=g ̂ secret key Kt mod p

The public key Kt and secret key Kt created in this way are stored inthe data storage portion 204 in step S407.

In step S408, session keys are created with the received public key Kiand the created secret key Kt. The session keys are created based on thefollowing formula in the key creation portion 301 or encryption portion206.

each session key=public key ki ̂ secret key Kt mod p

Where session keys are created based on the DH process, thereader/writer 100 and IC card 200 create (derive) session keys (thereader/writer 100 creates them in step S309, while the IC card 200creates them in step S408). Because the same session keys are created(derived), the reader/writer 100 and IC card 200 share the same sessionkeys.

In step S410, the created public key Kt is sent to the reader/writer100. Using the public key Kt, the reader/writer 100 derives the sessionkeys as described above.

In this way, plural algorithms can be treated. Processing according tothe selected algorithm can be performed. The configurations of thereader/writer 100 and IC card 200 are not limited to the examples ofconfiguration of FIGS. 2 and 8. Of course, structures for realizingfunctions required according to treated algorithms are added or deletedaccording to circumstances.

Specific examples of exchanged capability lists regarding the presentembodiment are cited and described by referring to the flowchart of FIG.11.

In step S501, the reader/writer 100 creates and sends a capability list.In the following description, a case in which a capability list as shownin FIG. 12 is stored in the capability list storage portion 102 is takenas an example. In the capability list shown in FIG. 12, as the keysharing system Ki, {DH 768 bit} is described in column “K-0”, and {EDch160 bit} is described in the column “K-4”, respectively. As theencryption communication system Ci, {DES 56 bit} is described in column“C-0”, and {AES 128 bit} is described in column “C-4”, respectively.

Such a capability list which is created by referring to a capabilitylist as shown in FIG. 12 becomes as shown in FIG. 13, for example. Thatis, the sent capability list is a list in which the bits of columns“K-0” and “K-4” corresponding to two systems of {DH 768 bit} and {EDch160 bit}, respectively, as key sharing systems Ki are set to 1. As thecryptocommunication systems Ci, the bits of columns “C-1” and “C-4”corresponding to two systems of {DES 56 bit} and {AES 128 bit},respectively, are set to 1.

If such a capability list is sent, it is received by the IC card 200 instep S601. In step S602, the IC card 200 creates and sends a capabilitylist. In the following description, a case in which a capability list asshown in FIG. 14 is stored in the capability list storage portion 202 istaken as an example. In the capability list shown in FIG. 14, {DH 768bit} and {DH 1024 bit} are described as key sharing systems Kt incolumns “K-0” and “K-1”, respectively. {AES 128 bit} is described as thecryptocommunication system Ct in column “C-4”.

Such a capability list created by referring to a capability list asshown in FIG. 14 is as shown in FIG. 15. That is, the sent capabilitylist is a list in which the bits of columns “K-0” and “K-1”corresponding to two key sharing systems Kt {DH 768 bit} and {DH 1024bit}, respectively, are set to 1, and the bits of column “C-4”corresponding to a single system {AES 128 bit} as thecryptocommunication system Ct are set to 1.

If such a capability list is sent, it is received by the reader/writer100 in step S502. Instep S503, the reader/writer 100 determines analgorithm. As for the key sharing system K, in this case, thereader/writer 100 corresponds to two systems {DH 768 bit, EDch 160 bit}.The IC card 200 corresponds to a single system {DH 68 bit, DH 1024 bit}with two different security levels. Therefore, the common system {DH 768bit} is selected.

In this case, as for the cryptocommunication system C, the reader/writer100 corresponds to two systems of {DES 56 bit, AES 128 bit}, and the ICcard 200 corresponds to one system of {AES 128 bit}. Therefore, thecommon system {AES 128 bit} is selected.

As a result, the key sharing system K={DH 768 bit} is selected as analgorithm and the cryptocommunication system C={AES 128 bit} isselected.

In step S504, the reader/writer 100 creates the public key Ki and secretkey Ki. In this case, because the DH process is selected as a keysharing system, the secret key Ki is created. Using the created secretkey Ki, the public key Ki is created based on the following formula.

public key ki=g ̂ secret key Ki mod p

In step S505, the public key Ki and the identification information aboutthe algorithm are sent. In this case, as for the identificationinformation about the algorithm, information stating that key sharingsystem K={DH 768 bit} and cryptocommunication system C={AES 128 bit} isinformation that can be identified on the side of the IC card 200.

If such public key Ki and identification information are sent, they arereceived by the IC card 200 in step S603. In step S604, the public keyKt and secret key Kt are created. In this case, it is identified fromthe identification information that the algorithm is the DH process andthat the key length is 768 bits. Therefore, the public key Kt and secretkey Kt based on the DH process are created.

If the secret key Kt is created in the IC card 200, the created secretkey Kt is used, and the public key Kt is created based on the followingformula.

public key kt=g ̂ secret key Kt mod p

In step S605, session keys are created. Each session key is createdbased on the following formula from the received public key Ki andcreated secret key Kt.

each session key=public key Ki ̂ secret key Kt mod p

In step S606, the created public key Kt is sent to the reader/writer100.

In step S506, if the reader/writer 100 receives the public key Kt fromthe IC card 200, session keys are derived in step S507. Each session keyis derived by the following formula.

each session key=public key Kt ̂ secret key Ki mod p

If the session keys are derived, a cryptocommunication in which thederived session keys are utilized for packet encryption is performed. Inthis case, cryptocommunications in which the session keys are utilizedfor encryption of {AES 128 bit} are carried out.

That is, in step S508, data (plaintext i) sent to the IC card 200 isencrypted by an AES type encryption method using the session keys askeys. Ciphertext i is created and sent.

ciphertext i=AES128_(—) ENC(plaintext i)

If the sent ciphertext i is received by the IC card 200 in step S607,the ciphertext is decrypted in step S608. That is, in this case, the ICcard 200 recognizes that the received ciphertext i has been encrypted bythe AES method. Therefore, the IC card decrypts the received ciphertexti by the AES method using the session keys, thus obtaining plaintext i.

plaintext i=AES128_(—) DES(ciphertext i)

The IC card 200 that has obtained the plaintext i in this way encryptsthe data and sends the data to the reader/writer 100 as the need arises.Here, in step S609, it is assumed that the IC card 200 encryptsplaintext t by the AES method, creates ciphertext t, and sends it.

ciphertext t=AES128_(—) ENC(plaintext t)

If the sent ciphertext t is received by the reader/writer 100 in stepS509, the ciphertext is decrypted in step S510. That is, in this case,the reader/writer 100 recognizes that the received ciphertext t has beenencrypted by the AES method and so the received ciphertext t isdecrypted by the AES method using the session keys, thus obtainingplaintext t.

plaintext t=AES128_(—) DES(ciphertext t)

In this way, reception and sending of data is repeated the requirednumber of times.

In the above-described embodiment, an algorithm is determined on theside of the reader/writer 100. It may also be determined on the side ofthe IC card 200.

Processing associated with exchange of capability lists in theaforementioned embodiment may be performed at any timing as long as theprocessing is performed in a stage when the algorithm is not yetdetermined. For example, when the side of the reader/writer 100 issues apolling request, a capability list may be sent as the polling request.

Furthermore, for example, the side of the reader/writer 100 may issue apolling request. A capability list may be sent at the instant when theIC card 200 responds to the polling request.

Moreover, in the description of the above embodiment, a capability listis sent from the side of the reader/writer 100 and then a capabilitylist is sent from the side of the IC card 200. A capability list may besent first from the IC card 200. For example, the side of the IC card200 receives a polling request from the reader/writer 100, and the ICcard 200 sends a capability list in response to the request. Thereader/writer 100 sends a capability list in response to the list.

In the description of the above embodiment, the reader/writer 100 and ICcard 200 send their respective capability lists. It is also possiblethat only one of them sends a capability list to the other. For example,the reader/writer 100 may send a capability list to the IC card 200. TheIC card 200 may refer to the capability list originating form thereader/writer 100, select a desired algorithm, and send identificationinformation about the selected algorithm to the reader/writer 100. TheIC card 200 may not transmit the capability list of the IC card 200.

Alternatively, for example, the IC card 200 may send a capability listto the reader/writer 100, the reader/writer 100 reference the capabilitylist originating from the IC card 200, select a desired algorithm, andsend identification information about the selected algorithm to the ICcard 200. The reader/writer 100 may not transmit the capability list ofthe reader/writer 100.

In other words, one may send a capability list to the other. The otherreceiving the capability list may determine a utilized algorithm andsend identification information about the determined algorithm to theone. Thus, capability lists are not exchanged between them.

According to the present invention, plural (more than 1) algorithms usedfor encryption and decryption when data is sent and received can behandled. Appropriate algorithms can be selected and used from the pluralalgorithms according to the importance of the data received and sent.Therefore, for example, communications from a low security level to ahigh security level can be performed such that the communications cancope with required security levels. Expansibility can be imparted to thecommunications.

The words “information processor” and “device” referred to hereincorrespond to devices or apparatus which are an initiator and a target,for example, in the NFCIP-1 standard. That is, the initiator and targetcorrespond to a device that produces an RF field and starts NFCIP-1communications and a device that responds to an instruction from theinitiator by utilizing load modulation or modulation of the RF fieldproduced by the device itself, respectively. In addition, each of thesedevices or apparatus may be a communication device equipped with one ormore IC chips each having a different function, the communication devicebeing a device having other functions or the like.

In the description of the above-described embodiment, the reader/writer100 is taken as an example of the initiator, and the IC card 200 istaken as an example of the target. The present invention is not limitedin application to only the reader/writer 100 and IC card 200. Forexample, the present invention can be applied to a device that sends andreceives data. The invention can also be applied to a device thatperforms communications wirelessly when data is sent and received. Theinvention can also be applied to a device that performs communicationsvia cables.

[With Respect to Recording Medium]

The aforementioned sequence of processing operations or steps can beexecuted by hardware or software. Where the aforementioned sequence ofprocessing steps is carried out by software, a program constituting thesoftware is executed by the CPU 105 or CPU 207 of FIG. 2. The program isread in from a recording medium that can be read by the reader/writer100 (300) or IC card 200 (400).

In the present specification, the steps that perform the above-describedsequence of processing steps are carried out in the described order in atime-sequential manner, of course. The steps are not always processed ina time-sequential manner. They may also be carried out in parallel orindividually.

1. A communication system composed of an information processor and adevice performing communications, the communication system comprising:sending means sending a list indicating capabilities regardingencryption from one of the information processor and the device to theother; decision means permitting the other receiving the list sent fromthe sending means to refer to the received list and determine analgorithm by which the other can perform communications with the onewith capabilities associated with encryption of the other itself; andcommunication means performing communications by the algorithmdetermined by the decision means.
 2. A method of communication for acommunication system composed of an information processor and a deviceperforming communications, the method of communication comprising thesteps of: sending a list indicating capabilities regarding encryptionfrom one of the information processor and the device to the other;permitting the other receiving the sent list to refer to the receivedlist and to determine an algorithm by which communications with the onecan be performed with capabilities regarding encryption of the otheritself; and performing communications by the determined algorithm.
 3. Aninformation processor performing communications with a device,comprising: storage means storing a first capability list indicatingcapabilities regarding encryption; reception means receiving a secondcapability list indicating capabilities regarding encryption of thedevice; decision means determining an algorithm by which communicationsare performed with the device by referring to the first capability listand the second capability list; and sending means sending identificationinformation for identifying the algorithm determined by the decisionmeans and a key or key material relying on the algorithm to the device.4. An information processor as set forth in claim 3, further comprisinglist-sending means that selects an algorithm becoming a candidate whenprocessing for a decision is performed by the decision means from thefirst capability list, creates a third capability list in which theselected algorithm is described, and sends the created list to thedevice.
 5. An information processor as set forth in claim 3, whereinsaid decision means determines the algorithm according to a securitylevel.
 6. A method of information processing for an informationprocessor performing communications with a device, the method comprisingthe steps of: managing a first capability list indicating capabilitiesregarding encryption; controlling reception of a second capability listindicating capabilities regarding encryption of the device; referring tothe first capability list and the second capability list and determiningan algorithm by which communications with the device are performed; andcontrolling sending of identification information for identifying thealgorithm determined by processing of the determining step and a key orkey material relying on the algorithm to the device.
 7. A program for acomputer that controls an information processor performingcommunications with a device, the program comprising the steps of:managing a first capability list indicating capabilities regardingencryption; controlling reception of a second capability list indicatingcapabilities regarding encryption of the device; referring to the firstcapability list and the second capability list and determining analgorithm by which communications with the device are performed; andcontrolling sending of identification information for identifying thealgorithm determined by processing of the determining step and a key orkey material relying on the algorithm to the device.
 8. A recordingmedium on which a program is recorded, the program acting to cause aninformation processor performing communications with a device to performprocessing including the steps of: managing a first capability listindicating capabilities regarding encryption; controlling reception of asecond capability list indicating capabilities regarding encryption ofthe device; referring to the first capability list and the secondcapability list and determining an algorithm by which communicationswith the device are performed; and controlling sending of identificationinformation for identifying the algorithm determined by processing ofthe determining step and a key or key material relying on the algorithmto the device.
 9. A device performing communications with an informationprocessor, comprising: sending means sending a capability listindicating capabilities regarding encryption to the informationprocessor; reception means receiving identification information foridentifying an algorithm which is determined by the informationprocessor and which is used when data is sent and received; andencryption-decryption means identifying the algorithm from theidentification information and encrypting or decrypting data by theidentified algorithm.
 10. A device set forth in claim 9, furthercomprising second reception means that receives a second capability listindicating capabilities regarding encryption of said informationprocessor, and wherein capabilities that can be treated by the deviceitself and selected from capabilities described in the second capabilitylist are described in the capability list sent by the sending means. 11.A method of information processing for a device performingcommunications with an information processor, the method comprising thesteps of: controlling sending of a capability list indicatingcapabilities regarding encryption to the information processor;controlling reception of identification information for identifying analgorithm which is determined by the information processor and which isused when data is sent and received; and identifying the algorithm fromthe identification information and encrypting or decrypting data by theidentified algorithm.
 12. A program for a computer controlling a devicethat performs communications with an information processor, the programincluding the steps of: controlling sending of a capability listindicating capabilities regarding encryption to the informationprocessor; controlling reception of identification information foridentifying an algorithm which is determined by the informationprocessor and which is used when data is sent and received; andidentifying the algorithm from the identification information andencrypting or decrypting data by the identified algorithm.
 13. Arecording medium on which a program is recorded, the program acting tocause a device performing communications with an information processorto perform processing including the steps of: controlling sending of acapability list indicating capabilities regarding encryption to theinformation processor; controlling reception of identificationinformation for identifying an algorithm which is determined by theinformation processor and which is used when data is sent and received;and identifying the algorithm from the identification information andencrypting or decrypting data by the identified algorithm.